Detections
Analytics

ESXi 5.0 < Build 608089 Multiple Vulnerabilities (remote check)

high Nessus Plugin ID 70881

Language:

Synopsis

The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities.

Description

The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities :

 - A denial of service vulnerability exists in the big2_toUtf8() function in file lib/xmltok.c in the libexpat library. A remote attacker can exploit this, via an XML document having malformed UTF-8 sequences, to cause a buffer over-read, thus crashing the application.
 (CVE-2009-3560)

 - A denial of service vulnerability exists in the updatePosition() function in file lib/xmltok.c in the libexpat library. A remote attacker can exploit this, via an XML document having malformed UTF-8 sequences, to cause a buffer over-read, thus crashing the application.
 (CVE-2009-3720)

 - An integer overflow condition exists in the BZ2_decompress() function in file decompress.c in the bzip2 and libbzip2 library. A remote attacker can exploit this, via a crafted compressed file, to cause a denial of service or the execution of arbitrary code.
 (CVE-2010-0405)

 - A denial of service vulnerability exists in the audioop module due to multiple integer overflows conditions in file audioop.c. A remote attacker can exploit this, via a large fragment or argument, to cause a buffer overflow, resulting in an application crash.
 (CVE-2010-1634)

 - A denial of service vulnerability exists in the audioop module due to a failure to verify the relationships between size arguments and byte string length. A remote attacker can exploit this, via crafted arguments, to cause memory corruption, resulting in an application crash. (CVE-2010-2089)

 - A flaw exists in the urllib and urllib2 modules due to processing Location headers that specify redirection to a file. A remote attacker can exploit this, via a crafted URL, to gain sensitive information or cause a denial of service. (CVE-2011-1521)

 - A privilege escalation vulnerability exists due to an incorrect ACL being used for the VMware Tools folder. An attacker on an adjacent network with access to a guest operating system can exploit this to gain elevated privileges on the guest operating system.
 (CVE-2012-1518)

Solution

Apply patches ESXi500-201203102-SG and ESXi500-201203101-SG according to the vendor advisory.

See Also

http://www.nessus.org/u?5e527c97

https://www.vmware.com/security/advisories/VMSA-2012-0001.html

https://www.vmware.com/security/advisories/VMSA-2012-0005.html

http://www.vmware.com/security/advisories/VMSA-2012-0007.html

http://www.nessus.org/u?f1d92f8f

http://www.nessus.org/u?e044b71b

Plugin Details

Severity: High

ID: 70881

File Name: vmware_esxi_5_0_build_608089_remote.nasl

Version: 1.15

Type: remote

Family: Misc.

Published: 11/13/2013

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.5

CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 6.9

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:vmware:esxi:5.0

Required KB Items: Host/VMware/version, Host/VMware/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/15/2012

Vulnerability Publication Date: 11/5/2009

Exploitable With

CANVAS (White_Phosphorus)

Reference Information

CVE: CVE-2009-3560, CVE-2009-3720, CVE-2010-0405, CVE-2010-1634, CVE-2010-2089, CVE-2011-1521, CVE-2012-1518

BID: 36097, 37203, 40370, 40863, 43331, 47024, 53006

CWE: 119

IAVB: 2010-B-0083

VMSA: 2012-0001, 2012-0005, 2012-0007